Filtered by vendor Gnu
Subscriptions
Total
1164 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-2362 | 1 Gnu | 1 Binutils | 2025-04-03 | 7.3 High |
| Buffer overflow in getsym in tekhex.c in libbfd in Free Software Foundation GNU Binutils before 20060423, as used by GNU strings, allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a file with a crafted Tektronix Hex Format (TekHex) record in which the length character is not a valid hexadecimal character. | ||||
| CVE-2006-1902 | 1 Gnu | 1 Gcc | 2025-04-03 | N/A |
| fold_binary in fold-const.c in GNU Compiler Collection (gcc) 4.1 improperly handles pointer overflow when folding a certain expr comparison to a corresponding offset comparison in cases other than EQ_EXPR and NE_EXPR, which might introduce buffer overflow vulnerabilities into applications that could be exploited by context-dependent attackers.NOTE: the vendor states that the essence of the issue is "not correctly interpreting an offset to a pointer as a signed value." | ||||
| CVE-2006-1712 | 1 Gnu | 1 Mailman | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in the private archive script (private.py) in GNU Mailman 2.1.7 allows remote attackers to inject arbitrary web script or HTML via the action argument. | ||||
| CVE-2005-2960 | 2 Debian, Gnu | 2 Debian Linux, Cfengine | 2025-04-03 | N/A |
| cfengine 1.6.5 and 2.1.16 allows local users to overwrite arbitrary files via a symlink attack on temporary files used by vicf.in, a different vulnerability than CVE-2005-3137. | ||||
| CVE-2006-0455 | 2 Gnu, Redhat | 2 Privacy Guard, Enterprise Linux | 2025-04-03 | N/A |
| gpgv in GnuPG before 1.4.2.1, when using unattended signature verification, returns a 0 exit code in certain cases even when the detached signature file does not carry a signature, which could cause programs that use gpgv to assume that the signature verification has succeeded. Note: this also occurs when running the equivalent command "gpg --verify". | ||||
| CVE-2004-0131 | 1 Gnu | 1 Radius | 2025-04-03 | N/A |
| The rad_print_request function in logger.c for GNU Radius daemon (radiusd) before 1.2 allows remote attackers to cause a denial of service (crash) via a UDP packet with an Acct-Status-Type attribute without a value and no Acct-Session-Id attribute, which causes a null dereference. | ||||
| CVE-2005-2180 | 1 Gnu | 1 Gnats | 2025-04-03 | N/A |
| gen-index in GNATS 4.0, 4.1.0, and possibly earlier versions, when installed setuid, does not properly check files passed to the -o argument and opens the file with write access, which allows local users to overwrite arbitrary files. | ||||
| CVE-2004-0354 | 1 Gnu | 1 Anubis | 2025-04-03 | N/A |
| Multiple format string vulnerabilities in GNU Anubis 3.6.0 through 3.6.2, 3.9.92 and 3.9.93 allow remote attackers to execute arbitrary code via format string specifiers in strings passed to (1) the info function in log.c, (2) the anubis_error function in errs.c, or (3) the ssl_error function in ssl.c. | ||||
| CVE-2005-1824 | 1 Gnu | 1 Mailutils | 2025-04-03 | N/A |
| The sql_escape_string function in auth/sql.c for the mailutils SQL authentication module does not properly quote the "\" (backslash) character, which is used as an escape character and makes the module vulnerable to SQL injection attacks. | ||||
| CVE-2005-1522 | 1 Gnu | 1 Mailutils | 2025-04-03 | N/A |
| The imap4d server for GNU Mailutils 0.5 and 0.6, and other versions before 0.6.90, allows authenticated remote users to cause a denial of service (CPU consumption) via a large range value in the FETCH command. | ||||
| CVE-2004-0849 | 1 Gnu | 1 Radius | 2025-04-03 | N/A |
| Integer overflow in the asn_decode_string() function defined in asn1.c in radiusd for GNU Radius 1.1 and 1.2 before 1.2.94, when compiled with the --enable-snmp option, allows remote attackers to cause a denial of service (daemon crash) via certain SNMP requests. | ||||
| CVE-2005-1521 | 1 Gnu | 1 Mailutils | 2025-04-03 | N/A |
| Integer overflow in the fetch_io function of the imap4d server in GNU Mailutils 0.5 and 0.6, and other versions before 0.6.90, allows remote attackers to execute arbitrary code via a partial message request with a large value in the END parameter, which leads to a heap-based buffer overflow. | ||||
| CVE-2006-0075 | 1 Gnu | 1 Phpbook | 2025-04-03 | N/A |
| Direct static code injection vulnerability in phpBook 1.3.2 and earlier allows remote attackers to execute arbitrary PHP code via the e-mail field (mail variable) in a new message, which is written to a PHP file. | ||||
| CVE-2006-0052 | 2 Gnu, Redhat | 2 Mailman, Enterprise Linux | 2025-04-03 | N/A |
| The attachment scrubber (Scrubber.py) in Mailman 2.1.5 and earlier, when using Python's library email module 2.5, allows remote attackers to cause a denial of service (mailing list delivery failure) via a multipart MIME message with a single part that has two blank lines between the first boundary and the end boundary. | ||||
| CVE-2005-1111 | 4 Canonical, Debian, Gnu and 1 more | 4 Ubuntu Linux, Debian Linux, Cpio and 1 more | 2025-04-03 | 4.7 Medium |
| Race condition in cpio 2.6 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by cpio after the decompression is complete. | ||||
| CVE-2005-1039 | 1 Gnu | 1 Coreutils | 2025-04-03 | N/A |
| Race condition in Core Utilities (coreutils) 5.2.1, when (1) mkdir, (2) mknod, or (3) mkfifo is running with the -m switch, allows local users to modify permissions of other files. | ||||
| CVE-2004-0422 | 2 Gnu, Redhat | 2 Flim, Enterprise Linux | 2025-04-03 | N/A |
| flim before 1.14.3 creates temporary files insecurely, which allows local users to overwrite arbitrary files of the Emacs user via a symlink attack. | ||||
| CVE-2005-0758 | 3 Canonical, Gnu, Redhat | 3 Ubuntu Linux, Gzip, Enterprise Linux | 2025-04-03 | N/A |
| zgrep in gzip before 1.3.5 does not properly sanitize arguments, which allows local users to execute arbitrary commands via filenames that are injected into a sed script. | ||||
| CVE-2002-0388 | 2 Gnu, Redhat | 5 Mailman, Enterprise Linux, Linux and 2 more | 2025-04-03 | N/A |
| Cross-site scripting vulnerabilities in Mailman before 2.0.11 allow remote attackers to execute script via (1) the admin login page, or (2) the Pipermail index summaries. | ||||
| CVE-2002-1146 | 2 Gnu, Redhat | 3 Glibc, Enterprise Linux, Linux | 2025-04-03 | N/A |
| The BIND 4 and BIND 8.2.x stub resolver libraries, and other libraries such as glibc 2.2.5 and earlier, libc, and libresolv, use the maximum buffer size instead of the actual size when processing a DNS response, which causes the stub resolvers to read past the actual boundary ("read buffer overflow"), allowing remote attackers to cause a denial of service (crash). | ||||